Blame SOURCES/0007-SYSDB-Inherit-cached_auth_timeout-from-the-main-doma.patch

5fca41
From fedfc4fa5978dc0ef2c3b6efcd1e9462a8575b3a Mon Sep 17 00:00:00 2001
5fca41
From: Jakub Hrozek <jhrozek@redhat.com>
5fca41
Date: Thu, 7 Mar 2019 22:13:32 +0100
5fca41
Subject: [PATCH] SYSDB: Inherit cached_auth_timeout from the main domain
5fca41
MIME-Version: 1.0
5fca41
Content-Type: text/plain; charset=UTF-8
5fca41
Content-Transfer-Encoding: 8bit
5fca41
5fca41
cached_auth_timeout is a domain option used by the responder. And
5fca41
because at the moment the options read from a subdomain section (e.g.
5fca41
[domain/main/trusted] are only those represented by the back end specific
5fca41
dp_option structure instance, the option cached_auth_timeout, which
5fca41
is directly read from the confdb was not set for the main domain.
5fca41
5fca41
This is a minimal patch that just inherits the option from the main
5fca41
domain until SSSD has a more systematic way of inheriting config
5fca41
attributes regardless of how they are read and set.
5fca41
5fca41
Resolves:
5fca41
https://pagure.io/SSSD/sssd/issue/3960
5fca41
5fca41
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
5fca41
(cherry picked from commit 4dd268333ca9ca13555f5dfbd2928154b885a3e7)
5fca41
---
5fca41
 src/db/sysdb_subdomains.c | 1 +
5fca41
 src/man/sssd.conf.5.xml   | 5 +++++
5fca41
 2 files changed, 6 insertions(+)
5fca41
5fca41
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
5fca41
index e380e6c8b..34d052fdd 100644
5fca41
--- a/src/db/sysdb_subdomains.c
5fca41
+++ b/src/db/sysdb_subdomains.c
5fca41
@@ -154,6 +154,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
5fca41
     dom->cache_credentials = parent->cache_credentials;
5fca41
     dom->cache_credentials_min_ff_length =
5fca41
                                         parent->cache_credentials_min_ff_length;
5fca41
+    dom->cached_auth_timeout = parent->cached_auth_timeout;
5fca41
     dom->case_sensitive = false;
5fca41
     dom->user_timeout = parent->user_timeout;
5fca41
     dom->group_timeout = parent->group_timeout;
5fca41
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
5fca41
index ef5a4b952..41ba7b924 100644
5fca41
--- a/src/man/sssd.conf.5.xml
5fca41
+++ b/src/man/sssd.conf.5.xml
5fca41
@@ -2962,6 +2962,11 @@ subdomain_inherit = ldap_purge_cache_timeout
5fca41
                             authenticated using cached credentials while
5fca41
                             SSSD is in the online mode.
5fca41
                         </para>
5fca41
+                        <para>
5fca41
+                            This option's value is inherited by all trusted
5fca41
+                            domains. At the moment it is not possible to set
5fca41
+                            a different value per trusted domain.
5fca41
+                        </para>
5fca41
                         <para>
5fca41
                             Special value 0 implies that this feature is
5fca41
                             disabled.
5fca41
-- 
5fca41
2.19.1
5fca41